I recently discovered that I am being tracked while installing OpenBSD.

This is not new, but I am very annoyed and dismayed that there is no "opt out" feature in the OpenBSD installer. And that the collection of user data by OpenBSD is not openly discussed in the installation documentation.

How exactly is that "Big Brother"? It's not anymore information than is gathered by the most web server on internet?

__________________
"The basic tool for the manipulation of reality is the manipulation of words. If you can control the meaning of words, you can control the people who must use the words." -Philip K. Dick

Various installation script updates and fixes, and a new ftplist backend that tries to provide a good ftp server for you to use.

I couldn't find a public discussion in mailing list archives from that time period. That doesn't mean it did not occur.

Personally, I'm not too concerned that there is a recording of my public facing IP addresses that shows that I've run an OpenBSD installation script; anyone querying my bastion firewalls will discover I'm running the OS; I don't run services in "stealth" mode -- I use PF block rules with the return option -- and don't fear the fingerprints the OS and its services provide.

I expect all of the mirror servers log accesses locally but that is data stored by each mirror and not consolidated as in this collection.

I find myself thinking that this collection of metadata might have been better publicized, and that an "opt out" capability should be implemented. This data could be interpreted as PII in many jurisdictions, and the Project therefore acting in the dual roles of Data Collector and Data Processor.

We can certainly discuss this, and if there is consensus, perhaps one (or more) of us can develop a patch that provides both notification and "opt out" capability, for consideration by deraadt@ and the other developers who implemented and support the feature.

I find myself thinking that this collection of metadata might have been better publicized, and that an "opt out" capability should be implemented. This data could be interpreted as PII in many jurisdictions, and the Project therefore acting in the dual roles of Data Collector and Data Processor.

Thanks jggimi.

There actually is a work-around way of "opting out".

Only install from a full installxx.iso or installxx.fs image

Do not configure a network device during the install. (unplug the ethernet too?)

Last edited by comet--berkeley; 14th March 2014 at 04:10 PM.
Reason: suggest unplugging the ethernet

Chances are it's not going anywhere as Theo sees it as a useful feature. I don't think it's a bad thing, but a little bit of disclosure would have been nice. Debian does something similar for packages where the installer asks you if you want to submit statistics for the packages you've installed on your system.